Any way to remove or prevent use of manufacturer backdoor BIOS passwords?

Discussion in 'BIOS Mods' started by downloaddeviant, Dec 10, 2012.

  1. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    43
    10
    Backdoor passwords are widely known and published extensively on the web, which makes them extremely insecure.

    The idea is to create a tool (like andyp's tools) that would remove backdoor passwords from a BIOS file. It would be a mod, just like SLIC modding is.

    We'd need to find a way to remove backdoor passwords from a BIOS file, but we wouldn't need to add system owners' passwords: they could do that themselves in the BIOS Setup, just as they do now.
     
  2. urie

    urie Moderator
    Staff Member

    May 21, 2007
    9,039
    3,388
    300
  3. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    43
    10
  4. downloaddeviant

    downloaddeviant MDL Junior Member

    Jan 12, 2008
    64
    5
    0
  5. crappy44

    crappy44 MDL Novice

    Apr 22, 2011
    35
    10
    0
    Hi downloaddeviant,

    please post the bios you want to have modded and the backdoor passwd, so we can finally start hacking.
     
  6. urie

    urie Moderator
    Staff Member

    May 21, 2007
    9,039
    3,388
    300
    I was not going to reply again on this subject but
    at least downloaddeviant has seen sense.
    Also requests to send bios with backdoor password :D why not try starting with your own bios. I already said this would lead to nothing.
     
  7. crappy44

    crappy44 MDL Novice

    Apr 22, 2011
    35
    10
    0
    Huh? Was just trying to help downloaddeviant out. Sounded like a fun challange to find the passwd in whatever bios he has. No details till now so I asked for him to post it. But wow if that is not welcome here ok... And no I don't have a bios with backdoor passwd on my own to try with. :wallbash:
     
  8. tqhoang

    tqhoang MDL BIOS Modder

    Apr 29, 2008
    1,581
    355
    60
    Because you would also have to disable the BIOS recovery methods...otherwise someone can just re-flash the stock BIOS using the recovery method.
     
  9. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    43
    10
    urie, the only reason you say this will lead to nothing is because you believe it will lead to nothing. You're a really draining force in this thread. I don't know if it's because you don't understand what's being asked, because you don't understand what's being said, or because you just enjoy shooting down others ideas.

    I can't understand why you would quote these first three words from downloaddeviant's original post. The reason he has begun to shy away from the idea is not because he has clients, it is because of your constant negativity!

    I wholeheartedly disagree with your assertion that this is a pointless request, and if there is anyone out there who is interested in being a tester, they can either reply to this thread or send me a private mssage.

    tqhoang, this has been addressed earlier in the thread:

    crappy44, even if others don't appreciate your ability to find joy in a working towards solving a problem, I do.
     
  10. crappy44

    crappy44 MDL Novice

    Apr 22, 2011
    35
    10
    0
    For Award bios you can find and change the default/backdoor passwd with the Modbin utility. Or extract the system bios with cbrom and use a hex editor to modify it.
     
  11. drewbug

    drewbug MDL Member

    Aug 15, 2010
    232
    43
    10
    This is an interesting find :) Care to post a link to an example BIOS with a known backdoor password?
     
  12. crappy44

    crappy44 MDL Novice

    Apr 22, 2011
    35
    10
    0
    As stated above I don't have any bios with known passwd. I did that back in the days with a Socket A motherboard. But I don't remember the Model name nor the recovery pass. And right now I only have uefi firmware here to tamper with.

    bios.jpg